PeerGuardian Linux (pgl) is a privacy-oriented firewall application. It blocks connections to and from hosts specified in huge block lists (thousands or millions of IP ranges). pgl is based on the Linux kernel netfilter framework and iptables.
All the configuration files are located in Template:Filename:
- Template:Filename contains a list of URLs for retrieving the various block lists,
- Template:Filename, empty by default, overrides the default settings present in Template:Filename,
- Template:Filename lists custom IP ranges that won't be filtered.
The first thing you'll want to change is the set of preconfigured block lists. The default lists in Template:Filename block many potentially legitimate IP addresses, so use your best judgment and the information available at I-Blocklist to make your choice.
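To help judge a list before enabling it, the following added example (not part of pgl or of the original page) checks addresses you need to reach against the ranges in a list. It assumes the list is in the plain-text P2P format, one `label:first_ip-last_ip` entry per line with `#` comments; the sample data, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the assumed P2P plain-text format: "label:first_ip-last_ip".
SAMPLE_LIST = """\
# constructed sample, not a real block list
Example range A:192.0.2.0-192.0.2.255
Example: range with colon in label:198.51.100.16-198.51.100.31
Single host:203.0.113.7-203.0.113.7
this line is malformed
"""

def parse_p2p(text):
    """Return (ranges, skipped): ranges holds (first, last, label) with integer
    bounds; skipped holds the line numbers that could not be parsed."""
    ranges, skipped = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Labels may themselves contain ':', so split on the last one only.
        label, sep, span = line.rpartition(":")
        first, dash, last = span.partition("-")
        try:
            if not sep or not dash:
                raise ValueError("missing ':' or '-'")
            lo = int(ipaddress.IPv4Address(first.strip()))
            hi = int(ipaddress.IPv4Address(last.strip()))
            if lo > hi:
                raise ValueError("range is reversed")
        except ValueError:
            skipped.append(lineno)  # report bad lines instead of guessing
            continue
        ranges.append((lo, hi, label))
    return ranges, skipped

def blocked_by(ip, ranges):
    """Labels of every range containing ip; an empty list means no match."""
    n = int(ipaddress.IPv4Address(ip))
    return [label for lo, hi, label in ranges if lo <= n <= hi]

if __name__ == "__main__":
    ranges, skipped = parse_p2p(SAMPLE_LIST)
    print("unparsed lines:", skipped)
    # Constructed addresses standing in for hosts this machine must reach.
    for host in ("192.0.2.10", "198.51.100.32", "203.0.113.7"):
        hits = blocked_by(host, ranges)
        print(host, "BLOCKED by " + "; ".join(hits) if hits else "not listed")
```

Addresses reported as blocked are candidates for a different list choice or for the custom file of IP ranges that won't be filtered.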
If you install pgl on a workstation, it is recommended to disable the filtering of HTTP connections. To do that, copy the following into Template:Filename:
Also, depending on the lists you use, some programs might not be able to reach the outside world. For instance, if you use MSN for instant messaging, you'll need to add port 1863 to the white list:
WHITE_TCP_OUT="http https 1863"
Conversely, you could white list all the ports except the ones used by the program you are trying to restrain. The following example only uses the block lists to stop incoming traffic on ports 53 (DNS) and 80 (HTTP):
Once you are comfortable with the configuration of both the daemon and the lists, type in:
# rc.d start pgl
To make sure that pgl works as intended, issue this command:
# pglcmd test
Should you want pgl to run automatically, just add “pgl” to your Template:Filename DAEMONS array.